Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

6

Static

static

1

Riot Vangu...er.exe

windows10-2004-x64

6

Riot Vangu...er.exe

windows10-2004-x64

1

Riot Vanguard/vgc.exe

windows10-2004-x64

6

Riot Vanguard/vgk.sys

windows10-2004-x64

1

Riot Vangu...rl.dll

windows10-2004-x64

1

Riot Vangu...ay.exe

windows10-2004-x64

1

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240426-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
  • submitted
    15/05/2024, 20:53

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Riot Vanguard/vgc.exe

  • Size

    9.2MB

  • MD5

    db5a77fc97d4e1f79a796280f81ff484

  • SHA1

    98dfb793a880050c228aab9a699a243bce8d4a7b

  • SHA256

    435791a28a753a04288dff7e01bee38922905bd9d2b9a47c9a4a6679c7c6ae67

  • SHA512

    e7d886928e9c84351ea4fbe5a09c2f055db916f100bb674ff4f2d5585cd5243b2350294fb45a3687a202b1458a879c8abdb243d2c0c4f1e0d11d8017be65d3ac

  • SSDEEP

    196608:RG6xahLimV4bhhaqBf+cdSyf+u2/sCYM+29PodVN7QqL7TQfKXHLztM:zxaVJUhtBnSyD2/H+29+VN7tLoC3Lp

Score
6/10
discoverypersistence

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
    persistence
  • Drops desktop.ini file(s) 1 IoCs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Drops file in Program Files directory 18 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Riot Vanguard\vgc.exe
    "C:\Users\Admin\AppData\Local\Temp\Riot Vanguard\vgc.exe"
    1⤵
    • Adds Run key to start application
    • Drops desktop.ini file(s)
    • Drops file in Program Files directory
    • Suspicious behavior: EnumeratesProcesses
    PID:3276

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Program Files\desktop.ini
    Filesize

    174B

    MD5

    6383522c180badc4e1d5c30a5c4f4913

    SHA1

    62a30e96459b694f7b22d730c460a65cd2ebaaca

    SHA256

    4705ba6793dc93c1bbe2a9e790e9e22778d217531b1750471206fd5c52bbd2b5

    SHA512

    7cf603201e13fb85873c9aa07388429cbd1ea1fbf5ee9fc785d1ca4da0cf565db70e705636bf62f600fc6c5e16fd9395a8f92cd7d60882d015dbfb087fb33f54

    Download Submit

  • memory/3276-4-0x00007FF7DEE14000-0x00007FF7DF3E0000-memory.dmp

    Filesize

    5.8MB

    Download

  • memory/3276-0-0x00007FF7DE9B0000-0x00007FF7DFCFE000-memory.dmp

    Filesize

    19.3MB

    Download

  • memory/3276-48-0x00007FF7DEE14000-0x00007FF7DF3E0000-memory.dmp

    Filesize

    5.8MB

    Download